• 32% believe their information security professionals are missing competencies
• 44% still believe that they are falling behind in dealing with security threats
• Survey shows that organizations are now trying to spend on information security wisely
• Only 23% are very comfortable with the Information Security practices of their vendors
• Only 13% in India go in for independent attestations on outsourced work
• Information Privacy is still lagging in India
Unlike previous years, organisations have gradually started to focus on employees and other internal security challenges, along with external threats. There appears to be a marked difference between internal and external attacks. In a survey titled “2010 Global Security Survey-India Report” conducted by Deloitte Touche Tohmatsu India Private Limited, almost half of Indian respondents experienced at least one internal security breach in their organisations during the past year, whereas a respectable 66 percent state that they are “very confident” or “extremely confident” in their ability to thwart external attacks.
32 percent of Indian respondents believe their information security professionals are missing competencies to handle existing and foreseeable security requirements. Optimistically, information security awareness and training is among the top three security initiatives for the coming year. However, most security awareness programs start with an e-learning module, which raises awareness and knowledge, but does not necessarily alter behaviour.
The survey, based on in-depth research and detailed interactions, reached out to 62 organisations in India across industry verticals. The report provides valuable insights about security in India compared with security the world over.
The previous edition of the security survey had found many companies investing less in security as they cut corners during the economic downturn. The damage done by last year’s budget cuts is reflected in this year’s responses: although 48 percent believe they are “on plan” in dealing with security threats, 44 percent still believe that they are falling behind or catching up in dealing with security threats.
“While organisations have taken a step in the right direction by reinforcing budgets towards information security, current strategies may still be inadequate to close the gaps. Aligning with global standards, focus on elements like Identity and Access management is also gathering steam”, says Sundeep Nehra, Senior Director, Deloitte Touche Tohmatsu India Private Limited.
Top spending priorities in 2010 include Identity and Access Management (IAM), data protection, security infrastructure improvement, regulatory and legislative compliance, and information security compliance remediation based on the findings of internal and external auditors.
In light of the global recession–and still fragile recovery–47 percent of respondents have established metrics/initiatives aligned with business value to measure the effectiveness of their security investments. These figures show that organizations are trying to spend their information security budgets wisely. They want to obtain high security levels at a reasonable price and are positioning themselves for an optimistic (but still uncertain) future.
In addition, it has been observed that third-party/vendor security capabilities are still doubted by the majority of organizations in India. This claim is supported by the fact that only 23 percent of the respondents are very comfortable with the Information Security practices of their vendors. This number is closer to 32 percent globally.
Moreover, while 29 percent of organizations globally require some sort of independent attestation for work outsourced to third-party vendors, only 13 percent of the respondents in India go in for such independent attestations to understand whether Information Security practices are adequately used within the vendors' organizations.
While Information Security has gathered some steam, the fact that Information Privacy is still lagging in India can easily be deciphered from the statistics of the survey. As per the survey, only 25 percent of the respondents in India suggested the existence of an Information Privacy program. The corresponding number globally is closer to the 46% mark.
“It is being observed that in spite of these shortcomings, Indian organisations are more proactive compared to their global counterparts. The market here is more favourable and responsive to the changes taking place globally. However, global organizations treat compliance more seriously compared to Indian ones”, adds Nehra.